According to a newly released cyber threat report, the volume and duration of DDoS (Distributed Denial of Service) attacks have increased 90 percent year-on-year. That is not a negligible number, considering how many perceive DDoS attacks as rather straightforward and preventable with currently available tools and strategies.
How bad is the DDoS problem?
The recent report about DDoS says that attacks surpassing 100 gigabits per second significantly increased, and attacks that lasted for over three hours surged. Small attacks still constitute the majority of the attacks, but terabit-level DDoS campaigns have been steadily rising. Also, HTTP DDoS attacks launched by sophisticated botnets have been observed peaking in the tens of millions of requests per second (RPS).
Additionally, there has been an increase in ransom DDoS attacks, that is, attacks in which the perpetrator demands a ransom in exchange for stopping the attack. Around 16 percent of the respondents in the study said that they received ransom demands as part of the DDoS attacks they encountered.
DDoS remains a major threat despite the emergence of various cybersecurity solutions to counter it. As mentioned, the attacks have increased, which implies that this kind of cybercrime continues to be viable for perpetrators.
The losses organizations suffer vary depending on their size and the nature of their operations. One study says that small and midsize enterprises lose around $120,000 per attack, but this amount can easily go into the millions, as happened to Bandwidth.com, which lost more than $12 million.
Aside from the financial losses due to interrupted business operations, DDoS attacks also inflict reputational damage. Businesses that suffer repetitive and prolonged downtimes tend to lose their regular and returning customers. The attacks may also discourage new customers because of the bad press on their cybersecurity capacity and the inaccessibility of their website, which forces prospective customers to look for alternatives.
Moreover, DDoS nowadays is no longer solely aimed at creating disruptions or forcing downtimes on business operations. Some are used as smokescreens to conceal more sinister attacks such as data theft and malware installation. As DDoS attacks keep cybersecurity teams busy, threat actors search for other vulnerabilities and exploit them while the security team is occupied.
It is crucial for organizations to invest in reliable DDoS protection services or solutions and implement the necessary defense mechanisms. These attacks are unlikely to go away in the foreseeable future. The best enterprises can do is to take advantage of the best solutions available and adopt best practices and proven strategies.
A better way to fight DDoS
Contrary to what many believe, dealing with DDoS is not as easy as it seems. Its distributed nature makes it difficult to accurately determine if the incoming traffic is legitimate or driven by bots. DDoS attacks can be launched from a large number of different sources, making it difficult to trace the origin of the attack. Additionally, attackers can use a variety of evolving techniques, such as using compromised devices or using spoofed IP addresses, to evade detection.
Still, there are ways to address DDoS effectively and avoid the worst consequences of becoming the target of such an attack.
One of the best ways to fight DDoS attacks is to use a combination of on-premises and cloud-based solutions. On-premises solutions, such as firewalls and intrusion prevention systems (IPS), can be used to block or filter out malicious traffic before it reaches the network. Cloud-based solutions, such as DDoS mitigation services, can be used to absorb and filter out large volumes of traffic before it makes it through the network.
IT security expert Mike Chapple of the University of Notre Dame notes that IPS is a good solution, but it is not effective on its own. Matching it with a cloud-based solution that includes advanced features such as website defense, network protection, individual IP protection, and DNS security can spell a big difference.
Cloud-based solutions play a crucial role in addressing the DDoS threat, but some tend to ignore them. There are solutions capable of proxying all incoming traffic, redirecting app traffic through scrubbing centers, and rerouting traffic through a BGP route to provide significant mitigation improvements.
Another effective strategy in combating DDoS attacks is the use of a content delivery network (CDN). CDNs are a network of servers in different parts of the world and are used to distribute content to users in the most efficient manner. By using a CDN, the traffic to a website is distributed across multiple servers, making it difficult for an attacker to overload a single server and take a website offline.
Also, it is a good idea for an organization to consider partnering with the internet service provider (ISP) responsible for their web connection. ISPs are usually well-versed when it comes to DDoS mitigation. They are in a privileged position that allows them to secure their customers’ networks against anomalous traffic.
Lastly, it is advisable to have a good incident response plan. Many organizations panic and resort to ineffective responses when faced with an attack they have not encountered before. Before any untoward event comes, it is crucial to have a plan that includes procedures for identifying and mitigating DDoS attacks, as well as procedures for communicating with customers and stakeholders in the event of an attack.
In summary
Is DDoS preventable? The ability of DDoS perpetrators to inflict disruptions and temporary setbacks may not be completely avoidable. However, the more serious adverse outcomes of this attack can be prevented. No organization needs to suffer from DDoS, regardless of the industry it is in, if everyone pays enough attention to the persistent threat.
Enterprises should choose proven cybersecurity defense solutions to keep up with the evolving attacks. This usually means a hybrid setup, with both on-premises and cloud-based tools put in place. Also, it is recommended to employ other strategies such as the use of a content delivery network, forging a partnership with an ISP, and establishing a thorough incident response plan.